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AMENDMENTS TO THE CLAIMS 

Claims 1-3. (Canceled) 

4. (Currently amended) A method of verifying a program fragment downloaded onto 
a reprogrammable on board embedded system, such as a microproc e ssor card equipped with a 
rewritable memory, a microprocessor and a virtual machine equipped with an execution stack 
and with operand registers, said program fragment consisting of an object code and including at 
least one subprogram [,] consisting of a series of instructions manipulating said operand registers, 
by th e microproc e ssor of th e on — board syst e m by way of a virtual machin e e quipp e d with an 
e xecution stack and with op e rand r e gist e rs manipulat e d by th e s e instructions, and said 
microprocessor and virtual machine making it possible to interpret [this] said object code, said 
en — board embedded system being interconnected to a reader, charact e riz e d in that said method, 
following wherein subsequent to the detection of a downloading command and the storage of 
said object code constituting [this] said p rogram fragment in said rewritable memory, consists, 
said method, for each subprogram , includes: 

a) in carrying out a stag e of initializing the type stack and the table of register 
types [by] through data representing the state of the virtual machine at the starting of the 
execution of [the] said temporarily stored object code; 

b) in carrying out a verification process of said temporarily stored object code 
instruction by instruction, by discerning the existence, for each current instruction, of a 
target, a branching — instruction target, a target of an exception — handler call or a target 
of a subroutine call, and, said current instruction being the target of a branching 
instruction, said verification process consisting in verifying that the stack is empty and 
rejecting the program fragment otherwise; 
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e)4ft carrying out a verification process and an updating of the effect of said 
current instruction on the data types of said type stack and of said table of register 
types[J; 

on th e basis of th e e xist e nc e of a branching — instruction targ e t, of a targ e t of a subroutin e 

call or of a targ e t of an e xc e ption handl e r call , said verification process being 

successful when the table of register types is not modified in the course of a verification 
of all the instructions, and [the] said verification process being carried out instruction by 
instruction until the table of register types is stable, with no modification being p resent, 
the verification process being interrupted and said program fragment being rejected, 
otherwise. 

5. (Currently amended) The [verification]method [as claimed in] of claim 4, 
[characterized in that] wherein the variable types which are manipulated during [the] said 
verification process include at least: 

[ — ]class identifiers corresponding to object classes which are defined in the program 
fragment; 

[- ]numeric variable types including at least a type short , for an integer coded on [p] a 
given number of bits, designated as short type, and a type r e taddr for the return 
address of a jump instruction [JSR] , designated as a return address type ; 

[- a type null relating to] references of null objects designated as null type; 

[ — a] object type obj e ct relating to objects designated as object type; 

[- ]a first specific type ttj representing the intersection of all the types and 
corresponding to the zero value [0, nil ] , designated as the intersection type ; 
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[- ]a second specific type [T,] representing the union of all the types and corresponding to 
any type of value, designated as the union type . 

6. (Currently amended) The m [M]ethod as claim e d in of claim 5, charact e rized in 
that wherein all said variable types verify a subtyping relation: 

[object e T] object type belongs to the union type ; 
[ short , retaddr e T] short type and return address type belong to the union type ; 

tb ejiull, short , retaddr ] the intersection type belongs to null type, short type or return address 
type. 

Claim 7. (Canceled) 

8. (Currently amended) The method [as claimed in one] of claim [s] 4 [to 7], 
[characterized in that when] wherein said current instruction [is] being the target of a subroutine 
call, said verification process [verifies] consists in: 

verifying t hat the previous instruction to said current instruction is an unconditional 
branching, a subroutine return or a [raising] withdrawal of an exception al; and 
said v e rification proc e ss, in th e cas e of a positiv e v e rification, proc ee ding to 
reupdat[e]ing the stack of variable types by an entity of [ retaddr ] the return address 
type, formed by the return address of the subroutine, in case of a positive 
verification process; and^ 

[the Rejecting said program fragment in case said verification process is_failing a and th e 
program fragment b e ing r e ject e d otherwise. 
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9. (Currently amended) The method [as claimed in one] of claim[s] 4 [to 8], 
[characterized in that when thel wherein said current instruction [is] being the target of an 
exception handler, said verification process [verifies] consists in: 

verifying that the previous instruction to said current instruction is an unconditional 
branching, a subroutine return or a [raising] withdrawal of an exception[,]; [said 
verification process, in] and 

reupdating the type stack, by entering the exception type, in [the] case of a positive 
verification process; p roce e ding to r e updat e th e typ e stack by ent e ring th e 
e xc e ption typ e , and th e verification proc e ss failing and the program fragm e nt 
b e ing rej e ct e d and 

rejecting said program fragment in case of said verification process is failing, otherwise. 

10. (Currently amended) The method [as claimed in one] of claim[s] 4 [to 9], 
[characterized in that when the] wherein said current instruction [is] being the target of multiple 
incompatible branchings, [the] said verification process is fail[s]ed and [the] said p rogram 
fragment is rejected. 

11. (Currently amended) The method [as claimed in one] of claim [s] 4 [to 10], 
[characterized in that when thej wherein said current instruction [is]bemg not the target of any 
branching, [the] said v erification process [continues] consists in continuing by passing to an 
update of the type stack. 

12. (Currently amended) The method [as claimed in one] of claim [s] 4 [to 11], 
[characterized in that the stage] wherein said step of verification of the effect of the current 
instruction on the type stack includes, at least: 
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[- a stage of ]verifying that the type execution stack includes at least as many entries as 
the current instruction includes operands; 

[- a stage of ]unstacking and [of] verifying that the types of the entries at the top of the 
stack are subtypes of the types of the operands types of the operands of [this] said 
current instruction; 

[- a stage of ]verifying the existence of a sufficient memory space on the types stack to 
proceed to stack the results of [the] said current instruction; 

[- a stage of] stacking on the stack data types which are assigned to these results. 

13. (Currently amended) The method [as claimed in]of claim 12, [characterized in 
that when the] wherein said current instruction [is]being_an instruction to read a register ofji 
given address [n], [the] said verification process consistsjn: 

[ — in ]verifying the data type of the result of [this] a corresponding reading, by reading 
[the] an entry [n] at said given address in the table of register types; 

[ — in ] determining the effect of [the] said current instruction on the type stack by 
unstacking the entries of the stack corresponding to the operands of [this] said 
current instruction and by stacking the data type of [this] said result. 

14. (Currently amended) The method [as claimed in]of claim 12, [characterized in 
that when the] wherein said current instruction [is]being_an instruction to write to a register of a 
given address [m], [this] said verification process consistsjn: 
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[ — in ] determining the effect of the current instruction on the type stack and the given 
type [t] of the operand which is written in this register [of| at said given address[ 
m]; 

[ — in Replacing the type entry of the table of register types at said given address [m ]by 
the type immediately above the previously stored type and above the given type [t 
]of the operand which is written in this register [of] at said given address [ m]. 

15. (Currently amended) A method of transforming an object code of a program 
fragment including a series of instructions , in which the operands of each instruction belong to 
the data types manipulated by [this] said instruction, the execution stack does not exhibit any 
overflow phenomenon, and for each branching instruction, the type of the stack variables at [this] 
a corresponding branching is the same as [at the"| that of targets of this branching, into a 
standardized object code for this same program fragment, in which th e operands of e ach 
instruction b e long to th e data typ e s manipulat e d by this instruction, th e e x e cution stack do e s not 
e xhibit any ov e rflow ph e nomenon, th e ex e cution stack is e mpty at each branching instruction 
and at each branching — targ e t instruction, characteriz e d in that this m e thod consists, wherein, for 
all the instructions of said object code , said method consists in : 

[- in ] annotating each current instruction with the data type of the stack before and after 
execution of [this] said current instruction, with the annotation data being 
calculated by means of an analysis of the data stream relating to [this] said current 
instruction; 

[- in ] detecting, within said instructions and within each current instruction, the existence 
of branchings, or respectively of branching-targets, for which said execution stack 
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is not empty, [the] said detecti[on]ng operation being carried out on the basis of 
the annotation data of the type of stack variables allocated to each current 
instruction^]; and in [the presence] case of detection of a non-empty execution 
stack, 

[- in ] inserting instructions to transfer stack variables on 
either side of [these] said branchings or of [these] said branching targets [,] 
respectively^ in order to empty the contents of the execution stack into temporary 
registers before [this] said branching and to reestablish the execution stack from 
said temporary registers after [this] said branching^]; and [in ]not inserting any 
transfer instruction otherwise, [making it possible] said method allowing thus to 
obtain a standardized object code for [this] said same program fragment, in which 
the operands of each instruction belong to the data types manipulated by said 
instruction, the execution stack does not exhibit any overflow phenomenon, the 
execution stack is empty at each branching instruction and at each branching — 
target instruction, in the absence of any modification to the execution of said 
program fragment. 

16. (Currently amended) A method of transforming an object code of a program 
fragment including a series of instructions , in which the operands of each instruction belong to 
the data types manipulated by [this]said instruction, and an operand of given type written into a 
register by an instruction of this object code is reread from this same register by another 
instruction of [this] said object code with the same given data type, into a standardized object 
code for this same program fragment, in which th e op e rands of e ach instruction b e long to th e 
data typ e s manipulat e d by this instruction, th e sam e data typ e b e ing allocat e d to th e sam e register 
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throughout said standardiz e d object cod e , charact e riz e d in that this mothod consists, wherein for 
all the instructions of said object code , said method consists in : 

[- in ]annotating each current instruction with the data type of the registers before and 
after execution of [this] said current instruction, with the annotation data being 
calculated by means of an analysis of the data stream relating to [this] said 
instruction; 

[- in Jcarrying out a reallocation of [the] said registers, by detecting the original registers 
employed with different types, [by]dividing these original registers into separate 
standardized registers, with o ne standardized register for each data type used, and 

reupdating the instructions which manipulate the operands which use said 
standardized registers; 

said method allowing thus to obtain said standardized object code for this same program 
fragment in which the operands of each instruction belong to the data types manipulated 
by said instruction, the same data type being allocated to the same register throughout 
said standardized object code , 

17. (Currently amended) The method [as claimed in] of claim 15, charact e riz e d in 
that th e stag e consisting i n wherein said detecting[,] within said instructions and within each 
current instruction^] of the existence of branchings, or respectively of branching targets, for 
which the execution stack is not empty, [consists, following] after detection of each 
corresponding instruction of given rank [i]consists in: 
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[- in ] associating with each instruction of said given rank [i ]a set of new registers, one 
new register being associated with each stack variable which is active at this 
instruction; and 

[- in ] examining each detected instruction of said given rank [i ]and [in ] discerning the 
existence of a branching target or branching, respectively^]; and, in the case 
where the instruction of said given rank [i] is a branching target and that the 
execution stack at this instruction is not empty, 

[• ]for every preceding instruction, of rank [i — h] preceding said given rank and 
consisting of a branching, a [raising] withdrawal of an exception or a program 
return, [the] said detected instruction of said given rank [i] being accessible only 
by a branching, 

[•• ] [in]inserting a set of loading instructions [load]to load from the set of new registers 
before said detected instruction of said given rank[ i], with a_redirection of all 
branchings to the detected instruction of said given rank [i ]to the first inserted 
loading instruction[load]; and 

[• ]for every preceding instruction, of rank [i — 1] preceding said given rank , continuing 
in sequence, [the] said detected instruction of said given rank [i ]being accessible 
simultaneously [by] from a branching and from [the] said preceding instruction of 
rank [i-1] preceding said given rank , 

[•• ] [in] inserting a set of backup instructions [store] to back up to the set of new 
registers before the detected instruction of said given rank[ i], and a set of loading 
instructions [load ]to load from this set of new registers, with a_redirection of all 
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the branchings to the detected instruction of said given rank [i ]to the first inserted 
loading instruction[ load], and, in the case where said detected instruction of said 
given rank [i ] is a branching to a given instruction, 

[• ]for every detected instruction of said given rank [i Consisting of an unconditional 
branching, 

[••] [in] inserting, before the detected instruction of said given rankf i], multiple backup 
instructions [ store], a backup instruction being associated with each new register; 
and 

[• ]for every detected instruction of said given rank [i Consisting of a conditional 
branching instruction , and for a given number [m > 0] greater than zero of 
operands manipulated by [this] said conditional branching instruction, 

[••] [in] inserting, before [this] said detected instruction of said given rankfiL a 
permutation instruction, [ swap — x , ]at the top of the execution stack of the [m 
] operands of the detected instruction of said given rank [i ]and the [n ] following 
values, [this] the corresponding p ermutation operation [making it 
possible] allowing thus t o collect at the top of the execution stack [the n] said 
following values to be backed up in the set of new registers[,]; and 

[•• ] [in] inserting, before the instruction of said given rank[ i], a set of backup 
instructions [ store ]to back up to the set of new registers[,]; and 

[•• ] [in] inserting, after the detected instruction of said given rankf i], a set of load 
instructions [ load ] to load from the set of new registers. 
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18. (Currently amended) The method [as claimed in] of claim 16, [characterized in 
thatjwherein the [stage] step consisting in reallocating registers by detecting the original registers 
employed with different types consists in: 

[ — in ]determining the lifetime intervals of each register; 

[ — in ] determining the main data type of each lifetime interval, the main data type of a 
lifetime interval [j ]for a given register [r ]being defined by the upper bound of the data 
types stored in [this] said given register [r ]by the backup instructions [ store ]belonging to 
[the] said lifetime interval[ j]; 

[- in ]establishing an interference graph between the lifetime intervals, [this] said 
interference graph consisting of a non-oriented graph of which each peak consists of a 
lifetime interval, and of which the arcs between two peaks [ji and j2]exist if [a] one of the 
peaks contains a backup instruction addressed to the register of the other peak or vice 
versa; 

[- in translating the uniqueness of a data type which is allocated to each register in the 
interference graph, by adding arcs between, all pairs of peaks of the interference graph 
while two peaks of a pair of peaks do not have the same associated main data type; 

[- in ] carrying out an instantiation of the interference graph, by assigning to each lifetime 
interval a register number, in such a way that different register numbers are assigned to 
two adjacent life time intervals in [the] said interference graph. 

Claim 19. (Canceled) 
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20. (Currently amended) An [on-board] embedded system which can be 
reprogrammed by downloading program fragments, said embedded system including a least one 
microprocessor, one random-access memory, one input/output module, one electrically 
reprogrammable nonvolatile memory and one permanent memory, in which are installed a main 
program and a virtual machine [which makes it possible] allowing to execute the main program 
and at least one program fragment using said microprocessor, [characterized in that] wherein said 
[on-board] embedded system includes at least one verification p rogram module to [manage and 
jverify a downloaded program fragment in accordance with the protocol for managing a 
downloaded program fragm e nt as claimed in on e of claims 1 to 3, a process including: 

initializing the type stack and the table of register types through data representing the state of 
said virtual machine at the starting of the execution of said temporarily stored object 
code; 

carrying out a verification process of said temporarily stored object code instruction by 
instruction, by discerning the existence, for each current instruction, of a target, a 
branching-instruction target, a target of an exception-handler call or a target of a 
subroutine call, and, said current instruction being the target of a branching instruction, 
said verification process consisting in verifying that the stack is empty and rejecting the 
program fragment otherwise; 

carrying out a verification process and an updating of the effect of said current instruction on the 
data types of said type stack and of said table of register types; 

said verification process being successful when the table of register types is not modified in the 
course of a verification of all the instructions, and said verification process being carried out 
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instruction by instruction until the table of register types is stable, with no modification being 
present, said verification process being interrupted and said program fragment being rejected, 
otherwise; 

said management and verification program module being installed in the permanent memory. 
Claim 21. (Canceled) 

22. (Currently amended) A [method of] system for transforming an object code of a 
program fragment including a series of instructions , in which the operands of each instruction 
belong to the data types manipulated by [this] said instruction, the execution stack does not 
exhibit any overflow phenomenon[,] and for each branching instruction, the type of stack 
variables at [thisl a corresponding branching is the same as [at~[ that of the targets of this 
branching, and an operand of given type written to a register by an instruction of [thisjsaid object 
code is reread from [this! said same register by another instruction of this object code with the 
same given data type, into a standardized object code for this same program fragment, in which 
th e op e rands of e ach instruction b e long to th e data typ e s manipulat e d by this instruction, th e 
execution stack do e s not e xhibit ov e rflow ph e nom e non, th e e xecution stack is empty at each 
branching instruction and at e ach branching — targ e t instruction, the sam e data typ e b e ing 
assigned to th e sam e r e gist e r throughout said standardiz e d obj e ct cod e , characteriz e d in 
tha twherein said [conversionj transforming system includes, at least, installed in the working 
memory of a development computer or workstation, a program module [to]for transforming 
[this] said object code into a standardized object code in accordance with th e m e thod as claim e d 
in on e of claims 15 to 18, making it possibl e to g e nerat e a standardized obj e ct cod e for said 
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program fragm e nt, satisfying th e crit e ria for v e rifying this download e d program fragment a 
process of transforming including for all the instructions of said object code: 

annotating each current instruction with the data type of the stack before and after execution of 
said current instruction, with the annotation data being calculated by means of an analysis 
of the data stream relating to said current instruction; 

detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching-targets, for which said execution stack is not 
empty, said detecting operation being carried out on the basis of the annotation data of 
the type of stack variables allocated to each current instruction; and, in case of detection 
of a non — empty execution stack, 

inserting instructions to transfer stack variables on either side of said branchings or of said 
branching targets respectively, in order to empty the contents of the execution stack into 
temporary registers before said branching and to reestablish the execution stack from said 
temporary registers after said branching; and 

not inserting any transfer instruction otherwise, said method allowing thus to obtain said 
standardized object code for said same program fragment, in which the operands of each 
instruction belong to the data types manipulated by said instruction, the execution stack 
does not exhibit any overflow phenomenon, the execution stack is empty at each 
branching instruction and at each branching-target instruction, in the absence of any 
modification to the execution of said program fragment . 

Claim 23. (Canceled) 
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24. (Currently amended) A computer program product which is recorded on a 
medium and can be loaded directly from a terminal into the internal memory of a 
reprogrammable [on-board] embedded system I", such as a microprocessor card] equipped with a 
microprocessor and a rewritable memory, [this] said [on-board] embedded system making it 
possible to download and temporarily store a program fragment consisting of an object code[ 5 ] 
including a series of instructions, executable by [the] said microprocessor [of the on-board 
system ]by way of a virtual machine equipped with an execution stack and with operand registers 
manipulated via [these] said instructions and making it possible to interpret [this] said object code, 
[this] said computer program product including portions of object code to execute the 
[stages] steps of verifying a program fragment downloaded onto [this] said [on-board] embedded 
system as claim e d in on e of claims 4 to 14, wh e n this on - board syst e m is int e rconn e ct e d to a 
t e rminal and this program is e x e cut e d by th e microproc e ssor of this on board syst e m by way of 
said virtual machin e according to a verifying process, said verifying process including: 

initializing the type stack and the table of register types through data representing the state of 
said virtual machine at the starting of the execution of said temporarily stored object 
code; 

carrying out a verification process of said temporarily stored object code instruction by 
instruction, by discerning the existence, for each current instruction, of a target, a 
branching-instruction target, a target of an exception-handler call or a target of a 
subroutine call and, said current instruction being the target of a branching instruction, 
said verification process consisting in verifying that the stack is empty and rejecting the 
program fragment otherwise; 
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carrying out a verification process and an updating of the effect of said current instruction on the 
data types of said type stack and of said table of register types: 

said verification process being successful when the table of register types is not modified in the 
course of a verification of all the instructions, and said verification process being carried out 
instruction by instruction until the table of register types is stable, with no modification being 
present, said verification process being interrupted and said program fragment being rejected, 
otherwise . 

25. (Currently amended) A computer program product which is recorded on a 
medium including portions of object code to execute [stages] steps of [the method] a process of 
transforming an object code of a downloaded program fragment into a standardized object code 
for this same program fragment as claim e d in on e of claims 15 to 18 , said process of 
transforming including: 

annotating each current instruction with the data type of the stack before and after execution of 
said current instruction, with the annotation data being calculated by means of an analysis 
of the data stream relating to said current instruction; 

detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching — targets, for which said execution stack is not 
empty, said detecting operation being carried out on the basis of the annotation data of 
the type of stack variables allocated to each current instruction, and, in case of detection 
of a non-empty execution stack; 

inserting instructions to transfer stack variables on either side of said branchings or of said 
branching targets respectively, in order to empty the contents of the execution stack into 
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temporary registers before said branching and to reestablish the execution stack from said 
temporary registers after said branching; and 

not inserting any transfer instruction otherwise, said method allowing thus to obtain said 
standardized object code for said same program fragment, in which the operands of each 
instruction belong to the data types manipulated by said instruction, the execution stack 
does not exhibit any overflow phenomenon, the execution stack is empty at each 
branching instruction and at each branching — target instruction, in the absence of any 
modification to the execution of said program fragment . 

26. (Currently amended) A computer program product which is recorded on a 
medium [which] and can be used in a reprogrammable [on-board] embedded system, [such as a 
microprocessor card]equipped with a microprocessor and a rewritable memory, [this] said [on- 
board] embedded system [making it possible]aUowing to download a program fragment 
consisting of an object code, a series of instructions, executable by the microprocessor of 
[the] said [on-board] embedded system by [way] means of a virtual machine equipped with an 
execution stack and with local variables or registers manipulated via these instructions and 
making it possible to interpret [this]said object code, [this]said computer program product 
including, at least: 

[- ]program resources which can be read by the microprocessor of [this] said [on-board] embedded 
system via said virtual machine, to command execution of a procedure for managing the 
downloading of a downloaded program fragment; 



~CHGOl:30693225.vl 



- 19- 



Attorney Docket No: P6451 

[- Jprogram resources which can be read by the microprocessor of [this]said [on-board] embedded 
system via said virtual machine, to command execution of a procedure for verifying, 
instruction by instruction, [the! said object code which makes up said program fragment; 

[- ]program resources which can be read by the microprocessor of [this] said [on-board] embedded 
system via said virtual machine, to command execution of a downloaded program 
fragment [following] subsequent to or in the absence of a conversion of [the] said object 
code of [this] said program fragment into a standardized object code for this same 
program fragment. 

27. (Currently amended) The computer program product as claimed in claim 26, 
additionally including program resources which can be read by the microprocessor of [this] said 
[on-board] embedded system via said virtual machine, to command inhibition of execution, 
[on]by said [on-board] embedded system, of said program fragment in the case of an unsuccessful 
verification procedure of this program fragment. 
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